public inbox for linux-kernel@vger.kernel.org
From: Sean Christopherson <seanjc@google.com>
To: Yosry Ahmed <yosry@kernel.org>
Cc: Jim Mattson <jmattson@google.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	kvm@vger.kernel.org,  linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/6] KVM: SVM: Use maxphyaddr in emulator RAX check for VMRUN/VMLOAD/VMSAVE
Date: Thu, 12 Mar 2026 08:54:38 -0700	[thread overview]
Message-ID: <abLhvoAg17OKMrxR@google.com> (raw)
In-Reply-To: <CAO9r8zO_Mo-98MqREwHq4JN0bA11H2EpmNmUkAU5QvNm9OGNbg@mail.gmail.com>

On Thu, Mar 12, 2026, Yosry Ahmed wrote:
> > diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> > index c8e292e9a24d..74df977a38ca 100644
> > --- a/arch/x86/kvm/emulate.c
> > +++ b/arch/x86/kvm/emulate.c
> > @@ -3867,18 +3867,10 @@ static int check_svme(struct x86_emulate_ctxt *ctxt)
> >         if (!(efer & EFER_SVME))
> >                 return emulate_ud(ctxt);
> >
> > -       return X86EMUL_CONTINUE;
> > -}
> > -
> > -static int check_svme_pa(struct x86_emulate_ctxt *ctxt)
> > -{
> > -       u64 rax = reg_read(ctxt, VCPU_REGS_RAX);
> > -
> > -       /* Valid physical address? */
> > -       if (rax & 0xffff000000000000ULL)
> > +       if (ctxt->ops->cpl(ctxt))
> >                 return emulate_gp(ctxt, 0);
> >
> > -       return check_svme(ctxt);
> > +       return X86EMUL_CONTINUE;
> >  }
> >
> >  static int check_rdtsc(struct x86_emulate_ctxt *ctxt)
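Review bot: the subject line promises "Use maxphyaddr in emulator RAX check", but this hunk deletes the emulator's RAX check outright (check_svme_pa() and its `rax & 0xffff000000000000ULL` test) rather than making it maxphyaddr-aware, leaving check_svme() with only the EFER.SVME and CPL tests. Either reword the subject to say the address check is being moved out of the emulator, or state in the changelog why a VMRUN/VMLOAD/VMSAVE that reaches the emulator no longer needs any RAX validation here and where that validation now happens.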
> > @@ -3984,10 +3976,10 @@ static const struct opcode group7_rm2[] = {
> >  };
> >
> >  static const struct opcode group7_rm3[] = {
> > -       DIP(SrcNone | Prot | Priv,              vmrun,          check_svme_pa),
> > +       DIP(SrcNone | Prot | Priv,              vmrun,          check_svme),
> >         II(SrcNone  | Prot | EmulateOnUD,       em_hypercall,   vmmcall),
> > -       DIP(SrcNone | Prot | Priv,              vmload,         check_svme_pa),
> > -       DIP(SrcNone | Prot | Priv,              vmsave,         check_svme_pa),
> > +       DIP(SrcNone | Prot | Priv,              vmload,         check_svme),
> > +       DIP(SrcNone | Prot | Priv,              vmsave,         check_svme),
> >         DIP(SrcNone | Prot | Priv,              stgi,           check_svme),
> >         DIP(SrcNone | Prot | Priv,              clgi,           check_svme),
> >         DIP(SrcNone | Prot | Priv,              skinit,         check_svme),
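Review bot: all five SVM entries in group7_rm3 now share check_svme() while keeping the Priv flag, and check_svme() also performs its own `ctxt->ops->cpl(ctxt)` -> #GP test; if Priv already rejects CPL > 0 before check_perm runs, the explicit test is redundant, and if the intent is to order the EFER.SVME #UD ahead of the CPL #GP then Priv should be dropped from these entries. A sentence in the changelog saying which of the two is intended would stop the double check from being mistaken for an oversight later.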
> > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> > index e6691c044913..e1223c07593b 100644
> > --- a/arch/x86/kvm/svm/svm.c
> > +++ b/arch/x86/kvm/svm/svm.c
> > @@ -2294,7 +2294,7 @@ static int gp_interception(struct kvm_vcpu *vcpu)
> >                                 EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE);
> >         } else {
> >                 /* All SVM instructions expect page aligned RAX */
> > -               if (svm->vmcb->save.rax & ~PAGE_MASK)
> > +               if (!page_address_valid(vcpu, svm->vmcb->save.rax))
> >                         goto reinject;
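Review bot: the comment immediately above, "All SVM instructions expect page aligned RAX", no longer describes the check: page_address_valid() also rejects an RAX that is not a legal GPA for the vCPU, which is the maxphyaddr part of this patch, so the comment should mention both conditions. Since this check is meant to cover VMRUN/VMLOAD/VMSAVE, it also reads better next to the intercept handlers for those instructions than inside gp_interception().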
> 
> Final observation (hopefully), this check needs to be moved to the
> VMRUN/VMLOAD/VMSAVE interception functions.

Gah, yeah.  I noticed that when initially typing up my response, but lost track
of it when I got distracted by all the emulator crud.

> As kvm_vcpu_map() failures will stop injecting #GP, we still need to handle
> the case where allow_smaller_maxphyaddr is used and the GPA is illegal from
> the vCPU's perspective but not the host.

allow_smaller_maxphyaddr is irrelevant.  My read of the APM is that the intercept
has priority over the #GP due to a bad RAX.  So with vls=0, KVM needs to check
RAX irrespective of allow_smaller_maxphyaddr.
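To make the difference between the old and new RAX checks concrete, here is an added, stand-alone model (not KVM code) of the three checks seen in this patch: the emulator's old top-16-bit mask, svm.c's old alignment-only test, and a page_address_valid()-style test that also honours the vCPU's MAXPHYADDR. The reserved-GPA mask is a simplified assumption standing in for what KVM derives from guest CPUID.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL
#define PAGE_MASK (~(PAGE_SIZE - 1))

/* Pre-patch emulator check: only bits 63:48 of RAX were rejected. */
static bool old_emulator_rax_ok(uint64_t rax)
{
	return !(rax & 0xffff000000000000ULL);
}

/* Pre-patch svm.c check: only page alignment was verified. */
static bool old_svm_rax_ok(uint64_t rax)
{
	return !(rax & ~PAGE_MASK);
}

/*
 * Bits at or above the vCPU's MAXPHYADDR are illegal in a GPA.
 * Assumption: a simplified stand-in for KVM's CPUID-derived reserved mask.
 */
static uint64_t gpa_reserved_mask(unsigned int maxphyaddr)
{
	return maxphyaddr >= 64 ? 0 : (~0ULL << maxphyaddr);
}

/* Model of the new check: page aligned AND a legal GPA for this vCPU. */
static bool new_rax_ok(uint64_t rax, unsigned int maxphyaddr)
{
	if (rax & ~PAGE_MASK)
		return false;
	if (rax & gpa_reserved_mask(maxphyaddr))
		return false;
	return true;
}

int main(void)
{
	/* A guest with MAXPHYADDR=36 hands VMRUN an RAX with bit 40 set. */
	uint64_t rax = 1ULL << 40;

	printf("old emulator check accepts: %d\n", old_emulator_rax_ok(rax));
	printf("old svm.c check accepts:    %d\n", old_svm_rax_ok(rax));
	printf("maxphyaddr=36 check accepts: %d\n", new_rax_ok(rax, 36));
	return 0;
}
```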
